options FAST_IPSEC & tunnels

[Michael Sierchio]

Sam Leffler wrote:

> Wow, someone besides me actually using fast ipsec! :)

At least two of us, besides you...

> 
> Packets are tagged once they've been processed on input.  I think you can do
> a similar check with something like:
> 
> if (m_tag_find(PACKET_TAG_IPSEC_IN_DONE) != NULL)
>     goto pass;
> 
> Long term, I intend is to associate packets with an enc device so there's a
> way to identify these packets when writing firewall rules.

That would be really helpful.